CVSS3: 9.6 High
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS2: 6.8 Medium
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.701 High
  Percentile: 98.0%

Severity: High
Date : 2021-04-29
CVE-ID : CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1843

The package chromium before version 90.0.4430.85-1 is vulnerable to
multiple issues including arbitrary code execution and sandbox escape.

Upgrade to 90.0.4430.85-1.

The problems have been fixed upstream in version 90.0.4430.85.

None.

Heap buffer overflow in V8 in Google Chrome prior to 90.0.4430.85
allowed a remote attacker who had compromised the renderer process to
bypass site isolation via a crafted HTML page.

Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed
a remote attacker who had compromised the renderer process to
potentially perform a sandbox escape via a crafted HTML page.

Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a
remote attacker to execute arbitrary code inside a sandbox via a
crafted HTML page. Google is aware of reports that exploits for this
issue exist in the wild.

Out of bounds memory access in V8 in Google Chrome prior to
90.0.4430.85 allowed a remote attacker to potentially exploit heap
corruption via a crafted HTML page.

Use after free in navigation in Google Chrome prior to 90.0.4430.85
allowed a remote attacker who had compromised the renderer process to
potentially perform a sandbox escape via a crafted HTML page.

An attacker can escape the site isolation sandbox through a compromised
renderer process. In addition, an attacker can execute arbitrary code
and escape the sandbox through a crafted HTML page.

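The following check is an added example, not part of the advisory: it tests whether a chromium package version predates the fixed version 90.0.4430.85-1 stated above, comparing fields numerically so that a later major such as 100.x is not mistaken for an older one by string comparison. The function names and the accepted version form (numeric pkgver-pkgrel, no epoch) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the advisory. FIXED comes from the advisory text;
# the function names are constructed for illustration.
FIXED="90.0.4430.85-1"

# Compare two dotted numeric strings field by field; prints -1, 0 or 1.
cmp_dotted() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo "-1"; return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo "1"; return 0; fi
    done
    echo "0"
}

# Returns 0 if the given package version predates FIXED (vulnerable),
# 1 if it is FIXED or newer, 2 if it is not in numeric pkgver-pkgrel form.
# Assumption: no epoch and numeric fields only, as in this advisory.
chromium_is_vulnerable() {
    case $1 in
        ''|*[!0-9.-]*|*-*-*|-*|*-) return 2 ;;
        *-*) ;;
        *) return 2 ;;
    esac
    r=$(cmp_dotted "${1%-*}" "${FIXED%-*}")
    if [ "$r" = 0 ]; then r=$(cmp_dotted "${1#*-}" "${FIXED#*-}"); fi
    [ "$r" = -1 ]
}

# On an Arch host, check the installed package (skipped where pacman is absent).
if command -v pacman >/dev/null 2>&1 && v=$(pacman -Q chromium 2>/dev/null); then
    v=${v#chromium }
    rc=0; chromium_is_vulnerable "$v" || rc=$?
    case $rc in
        0) echo "chromium $v is affected by AVG-1843; upgrade to $FIXED or later" ;;
        1) echo "chromium $v is at or above $FIXED" ;;
        *) echo "chromium $v: unrecognised version format, check manually" ;;
    esac
fi
```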
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_20.html
https://crbug.com/1194046
https://crbug.com/1195308
https://crbug.com/1195777
https://crbug.com/1195977
https://crbug.com/1197904
https://security.archlinux.org/CVE-2021-21222
https://security.archlinux.org/CVE-2021-21223
https://security.archlinux.org/CVE-2021-21224
https://security.archlinux.org/CVE-2021-21225
https://security.archlinux.org/CVE-2021-21226